

1 c68baad2 2023-06-06 op /*
2 c68baad2 2023-06-06 op * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
3 c68baad2 2023-06-06 op *
4 c68baad2 2023-06-06 op * Permission to use, copy, modify, and distribute this software for any
5 c68baad2 2023-06-06 op * purpose with or without fee is hereby granted, provided that the above
6 c68baad2 2023-06-06 op * copyright notice and this permission notice appear in all copies.
7 c68baad2 2023-06-06 op *
8 c68baad2 2023-06-06 op * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 c68baad2 2023-06-06 op * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 c68baad2 2023-06-06 op * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 c68baad2 2023-06-06 op * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 c68baad2 2023-06-06 op * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 c68baad2 2023-06-06 op * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 c68baad2 2023-06-06 op * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 c68baad2 2023-06-06 op */
16 c68baad2 2023-06-06 op
17 c68baad2 2023-06-06 op #include "gmid.h"
18 c68baad2 2023-06-06 op
19 c26f2460 2023-06-08 op #include <sys/stat.h>
20 c26f2460 2023-06-08 op
21 c26f2460 2023-06-08 op #include <fcntl.h>
22 c26f2460 2023-06-08 op #include <limits.h>
23 c68baad2 2023-06-06 op #include <string.h>
24 c68baad2 2023-06-06 op
25 86693a33 2023-06-11 op #include <openssl/pem.h>
26 86693a33 2023-06-11 op
27 c26f2460 2023-06-08 op #include "log.h"
28 c26f2460 2023-06-08 op #include "proc.h"
29 c26f2460 2023-06-08 op
/*
 * Allocate a configuration populated with the built-in defaults: port
 * 1965, IPv4 only, TLS 1.2 and 1.3, prefork 3, privsep crypto enabled
 * on OpenBSD only, and no listening sockets yet (sock4/sock6 are -1).
 * Allocation failure is handled by xcalloc().  The struct is later
 * reset, not freed, by config_purge().
 */
struct conf *
config_new(void)
{
	struct conf *c = xcalloc(1, sizeof(*c));

	/* -1 marks "no listener"; config_recv() fills these from imsgs */
	c->sock4 = c->sock6 = -1;

	c->port = 1965;
	c->ipv6 = 0;
	c->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
	c->prefork = 3;

#ifdef __OpenBSD__
	/* the dedicated crypto process is on by default only on OpenBSD */
	c->use_privsep_crypto = 1;
#endif

	TAILQ_INIT(&c->fcgi);
	TAILQ_INIT(&c->hosts);
	TAILQ_INIT(&c->pkis);
	init_mime(&c->mime);

	return c;
}
58 c68baad2 2023-06-06 op
/*
 * Release everything a single virtual host owns, except the host struct
 * itself: the path strings and file buffers, its locations (including
 * their directory fds and CA stores), fastcgi params, aliases and
 * proxies (with their own paths, buffers and CA stores).
 */
static void
config_purge_vhost(struct vhost *h)
{
	struct location *loc;
	struct envlist *env;
	struct alist *alias;
	struct proxy *proxy;

	free(h->cert_path);
	free(h->key_path);
	free(h->ocsp_path);
	free(h->cert);
	/*
	 * NOTE(review): h->key holds private key bytes when the server
	 * process loaded the key itself (see config_recv); it is released
	 * here without being wiped first.
	 */
	free(h->key);
	free(h->ocsp);

	while ((loc = TAILQ_FIRST(&h->locations)) != NULL) {
		TAILQ_REMOVE(&h->locations, loc, locations);
		if (loc->dirfd != -1)
			close(loc->dirfd);
		free(loc->reqca_path);
		X509_STORE_free(loc->reqca);
		free(loc);
	}

	while ((env = TAILQ_FIRST(&h->params)) != NULL) {
		TAILQ_REMOVE(&h->params, env, envs);
		free(env);
	}

	while ((alias = TAILQ_FIRST(&h->aliases)) != NULL) {
		TAILQ_REMOVE(&h->aliases, alias, aliases);
		free(alias);
	}

	while ((proxy = TAILQ_FIRST(&h->proxies)) != NULL) {
		TAILQ_REMOVE(&h->proxies, proxy, proxies);
		free(proxy->cert_path);
		free(proxy->cert);
		free(proxy->key_path);
		free(proxy->key);
		free(proxy->reqca_path);
		X509_STORE_free(proxy->reqca);
		free(proxy);
	}
}

/*
 * Reset conf to an empty configuration without freeing the struct:
 * close the listening sockets (dropping their events), release the
 * mime table, the fastcgi backends, every host with its contents and
 * the pki list, then zero the whole struct.  Only the privsep handle
 * and the use_privsep_crypto flag survive; the socket markers, protos,
 * mime table and list heads are re-initialised to their empty state.
 *
 * NOTE(review): port and prefork are not carried over and end up 0,
 * whereas config_new() sets 1965 and 3 — presumably the caller re-sends
 * or re-parses them after a purge; verify against the callers.
 */
void
config_purge(struct conf *conf)
{
	struct privsep *saved_ps = conf->ps;
	int saved_privsep_crypto = conf->use_privsep_crypto;
	struct fcgi *f;
	struct vhost *h;
	struct pki *pki;

	if (conf->sock4 != -1) {
		event_del(&conf->evsock4);
		close(conf->sock4);
	}
	if (conf->sock6 != -1) {
		event_del(&conf->evsock6);
		close(conf->sock6);
	}

	free_mime(&conf->mime);

	while ((f = TAILQ_FIRST(&conf->fcgi)) != NULL) {
		TAILQ_REMOVE(&conf->fcgi, f, fcgi);
		free(f);
	}

	while ((h = TAILQ_FIRST(&conf->hosts)) != NULL) {
		config_purge_vhost(h);
		TAILQ_REMOVE(&conf->hosts, h, vhosts);
		free(h);
	}

	while ((pki = TAILQ_FIRST(&conf->pkis)) != NULL) {
		TAILQ_REMOVE(&conf->pkis, pki, pkis);
		free(pki->hash);
		EVP_PKEY_free(pki->pkey);
		free(pki);
	}

	/* wipe every field, then put back the few that must persist */
	memset(conf, 0, sizeof(*conf));

	conf->ps = saved_ps;
	conf->use_privsep_crypto = saved_privsep_crypto;
	conf->sock4 = conf->sock6 = -1;
	conf->protos = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3;
	init_mime(&conf->mime);
	TAILQ_INIT(&conf->fcgi);
	TAILQ_INIT(&conf->hosts);
	TAILQ_INIT(&conf->pkis);
}
153 c26f2460 2023-06-08 op
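/*
 * Send one imsg of the given type, carrying an optional payload (data,
 * l bytes) and an optional descriptor, to every instance of process id.
 * The descriptor is dup()'d once per receiver and the original is
 * closed before returning — on success and on failure alike — so the
 * caller hands over ownership of fd.  Returns 0 on success and -1 if
 * an imsg could not be composed; a failing dup() is fatal.
 */
static int
config_send_file(struct privsep *ps, enum privsep_procid id, int type,
    int fd, void *data, size_t l)
{
	int n, m, d;

	/*
	 * n = -1 is the "all instances" request to proc_range(); the start
	 * it hands back is overridden by the loop below, only m is used.
	 */
	n = -1;
	proc_range(ps, id, &n, &m);
	for (n = 0; n < m; ++n) {
		d = -1;
		if (fd != -1 && (d = dup(fd)) == -1)
			fatal("dup %d", fd);
		if (proc_compose_imsg(ps, id, n, type, -1, d, data, l)
		    == -1) {
			/*
			 * A failed compose does not take ownership of d, so
			 * close it and the original instead of leaking both
			 * descriptors in a long-lived process.
			 */
			if (d != -1)
				close(d);
			if (fd != -1)
				close(fd);
			return -1;
		}
	}

	if (fd != -1)
		close(fd);
	return 0;
}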
175 c26f2460 2023-06-08 op
/*
 * Open path read-only and ship the descriptor, with no payload, to every
 * instance of id as an imsg of the given type.  A failing open() is
 * fatal; the descriptor itself is consumed by config_send_file(), whose
 * result is returned.
 */
static int
config_open_send(struct privsep *ps, enum privsep_procid id, int type,
    const char *path)
{
	int fd;

	log_debug("sending %s", path);

	fd = open(path, O_RDONLY);
	if (fd == -1)
		fatal("can't open %s", path);

	return config_send_file(ps, id, type, fd, NULL, 0);
}
189 deadd9e1 2023-06-09 op
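/*
 * Send a certificate and its private key.  The cert always goes to the
 * server processes; with use_privsep_crypto set it is also sent to the
 * crypto process, which then becomes the sole recipient of the key,
 * otherwise the server processes receive the key as well.  Every
 * descriptor opened here is either consumed by config_send_file() or
 * closed locally.  Returns 0 on success, -1 when an imsg could not be
 * composed or flushed; open()/dup() failures are fatal.
 */
static int
config_send_kp(struct privsep *ps, int cert_type, int key_type,
    const char *cert, const char *key)
{
	struct conf *conf = ps->ps_env;
	int fd, d = -1, key_target;

	log_debug("sending %s", cert);
	if ((fd = open(cert, O_RDONLY)) == -1)
		fatal("can't open %s", cert);
	/*
	 * Only the crypto process needs a second copy of the cert.  Without
	 * privsep crypto an unconditional dup() would never be sent nor
	 * closed and would leak one descriptor per certificate.
	 */
	if (conf->use_privsep_crypto && (d = dup(fd)) == -1)
		fatal("fd");

	if (config_send_file(ps, PROC_SERVER, cert_type, fd, NULL, 0) == -1) {
		if (d != -1)
			close(d);
		return -1;
	}
	if (d != -1 &&
	    config_send_file(ps, PROC_CRYPTO, cert_type, d, NULL, 0) == -1)
		return -1;

	/* the private key only ever reaches one kind of process */
	key_target = conf->use_privsep_crypto ? PROC_CRYPTO : PROC_SERVER;

	if (config_open_send(ps, key_target, key_type, key) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;
	if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
		return -1;
	return 0;
}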
224 86693a33 2023-06-11 op
/*
 * Create a non-blocking TCP listener bound to the wildcard address of
 * family (AF_INET or AF_INET6) on port, with a backlog of 16.  Every
 * failure is fatal, so the return value is always a usable descriptor.
 */
static int
make_socket(int port, int family)
{
	struct sockaddr_in addr4;
	struct sockaddr_in6 addr6;
	struct sockaddr *addr;
	socklen_t len;
	int sock, one = 1;

	if (family == AF_INET) {
		memset(&addr4, 0, sizeof(addr4));
		addr4.sin_family = AF_INET;
		addr4.sin_port = htons(port);
		addr4.sin_addr.s_addr = INADDR_ANY;
		addr = (struct sockaddr *)&addr4;
		len = sizeof(addr4);
	} else if (family == AF_INET6) {
		memset(&addr6, 0, sizeof(addr6));
		addr6.sin6_family = AF_INET6;
		addr6.sin6_port = htons(port);
		addr6.sin6_addr = in6addr_any;
		addr = (struct sockaddr *)&addr6;
		len = sizeof(addr6);
	} else {
		/* callers only ever pass the two families handled above */
		abort();
	}

	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
		fatal("socket");

	/*
	 * SO_REUSEADDR lets a restart rebind the port while old connections
	 * linger in TIME_WAIT.  SO_REUSEPORT goes further: other sockets may
	 * bind the very same port (on Linux any process running under the
	 * same effective uid) and share incoming connections, so nothing
	 * untrusted should run under this uid on the same host.
	 */
	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) == -1)
		fatal("setsockopt(SO_REUSEADDR)");
	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) == -1)
		fatal("setsockopt(SO_REUSEPORT)");

	mark_nonblock(sock);

	/*
	 * NOTE(review): IPV6_V6ONLY is not set on the AF_INET6 socket; on
	 * dual-stack systems that accept v4-mapped addresses by default this
	 * may interact with the separate AF_INET listener — confirm on the
	 * non-OpenBSD targets.
	 */
	if (bind(sock, addr, len) == -1)
		fatal("bind");
	if (listen(sock, 16) == -1)
		fatal("listen");

	return sock;
}
279 4f4937f0 2023-06-08 op
/*
 * Create the IPv4 listener and, when conf->ipv6 is set, the IPv6 one,
 * handing each to the server processes as IMSG_RECONF_SOCK4 /
 * IMSG_RECONF_SOCK6.  The sockets are consumed by config_send_file().
 * Returns 0 on success, -1 when an imsg could not be composed.  The
 * make_socket() checks are kept for symmetry: it is fatal on error and
 * never actually returns -1.
 */
static int
config_send_socks(struct conf *conf)
{
	struct privsep *ps = conf->ps;
	const struct {
		int family;
		int type;
	} listeners[] = {
		{ AF_INET, IMSG_RECONF_SOCK4 },
		{ AF_INET6, IMSG_RECONF_SOCK6 },
	};
	size_t i, count = conf->ipv6 ? 2 : 1;

	for (i = 0; i < count; ++i) {
		int sock = make_socket(conf->port, listeners[i].family);

		if (sock == -1)
			return -1;
		if (config_send_file(ps, PROC_SERVER, listeners[i].type,
		    sock, NULL, 0) == -1)
			return -1;
	}

	return 0;
}
305 c26f2460 2023-06-08 op
/*
 * Ship the whole configuration to the server processes, in the order
 * config_recv() expects it: mime table, protos, port, listening sockets,
 * fastcgi backends, then per host the host itself, its cert/key (via
 * config_send_kp(), which also involves the crypto process), ocsp file,
 * locations, params, aliases and proxies.  Host, location and proxy
 * structs are sent as copies with their path fields cleared (the
 * receiving process cannot use this process's pointers or paths); the
 * files they refer to travel as descriptors instead.  Returns 0 on
 * success and -1 as soon as an imsg cannot be composed or flushed;
 * failing to open a referenced file is fatal.
 */
int
config_send(struct conf *conf)
{
	struct privsep *ps = conf->ps;
	struct etm *m;
	struct fcgi *fcgi;
	struct vhost *h;
	struct location *l;
	struct proxy *p;
	struct envlist *e;
	struct alist *a;
	size_t i;

	for (i = 0; i < conf->mime.len; ++i) {
		m = &conf->mime.t[i];
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_MIME,
		    m, sizeof(*m)) == -1)
			return -1;
	}

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PROTOS,
	    &conf->protos, sizeof(conf->protos)) == -1)
		return -1;

	if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_PORT,
	    &conf->port, sizeof(conf->port)) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	if (config_send_socks(conf) == -1)
		return -1;

	if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
		return -1;

	TAILQ_FOREACH(fcgi, &conf->fcgi, fcgi) {
		log_debug("sending fastcgi %s", fcgi->path);
		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_FCGI,
		    fcgi, sizeof(*fcgi)) == -1)
			return -1;
	}

	TAILQ_FOREACH(h, &conf->hosts, vhosts) {
		struct vhost vcopy;

		/* only the path fields are cleared; everything else is copied as-is */
		memcpy(&vcopy, h, sizeof(vcopy));
		vcopy.cert_path = NULL;
		vcopy.key_path = NULL;
		vcopy.ocsp_path = NULL;

		log_debug("sending host %s", h->domain);

		if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_HOST,
		    &vcopy, sizeof(vcopy)) == -1)
			return -1;

		/* the key's destination (server or crypto process) is decided in there */
		if (config_send_kp(ps, IMSG_RECONF_CERT, IMSG_RECONF_KEY,
		    h->cert_path, h->key_path) == -1)
			return -1;

		if (h->ocsp_path != NULL) {
			if (config_open_send(ps, PROC_SERVER, IMSG_RECONF_OCSP,
			    h->ocsp_path) == -1)
				return -1;
			if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
				return -1;
		}

		TAILQ_FOREACH(l, &h->locations, locations) {
			struct location lcopy;
			int fd = -1;

			/* drop the CA store, dirfd and list linkage, which are per-process */
			memcpy(&lcopy, l, sizeof(lcopy));
			lcopy.reqca_path = NULL;
			lcopy.reqca = NULL;
			lcopy.dirfd = -1;
			memset(&lcopy.locations, 0, sizeof(lcopy.locations));

			/* the CA file, if any, rides along as the imsg descriptor */
			if (l->reqca_path != NULL &&
			    (fd = open(l->reqca_path, O_RDONLY)) == -1)
				fatal("can't open %s", l->reqca_path);

			if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_LOC,
			    fd, &lcopy, sizeof(lcopy)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(e, &h->params, envs) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ENV,
			    e, sizeof(*e)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(a, &h->aliases, aliases) {
			if (proc_compose(ps, PROC_SERVER, IMSG_RECONF_ALIAS,
			    a, sizeof(*a)) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;

		TAILQ_FOREACH(p, &h->proxies, proxies) {
			struct proxy pcopy;
			int fd = -1;

			/* paths, loaded buffers and the CA store are all re-created on the other side */
			memcpy(&pcopy, p, sizeof(pcopy));
			pcopy.cert_path = NULL;
			pcopy.cert = NULL;
			pcopy.certlen = 0;
			pcopy.key_path = NULL;
			pcopy.key = NULL;
			pcopy.keylen = 0;
			pcopy.reqca_path = NULL;
			pcopy.reqca = NULL;

			if (p->reqca_path != NULL) {
				fd = open(p->reqca_path, O_RDONLY);
				if (fd == -1)
					fatal("can't open %s", p->reqca_path);
			}

			if (config_send_file(ps, PROC_SERVER, IMSG_RECONF_PROXY,
			    fd, &pcopy, sizeof(pcopy)) == -1)
				return -1;

			if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
				return -1;

			/* a client cert is optional; both halves are needed to send it */
			if (p->cert_path == NULL || p->key_path == NULL)
				continue;

			/*
			 * NOTE(review): unlike the host key above, the proxy client
			 * cert and key go straight to PROC_SERVER and never pass
			 * through config_send_kp()/the crypto process.
			 */
			if (config_open_send(ps, PROC_SERVER,
			    IMSG_RECONF_PROXY_CERT, p->cert_path) == -1 ||
			    config_open_send(ps, PROC_SERVER,
			    IMSG_RECONF_PROXY_KEY, p->key_path) == -1)
				return -1;

			if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
				return -1;
		}

		if (proc_flush_imsg(ps, PROC_SERVER, -1) == -1)
			return -1;
	}

	return 0;
}
462 c26f2460 2023-06-08 op
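/*
 * Read the whole file behind fd into a freshly malloc'd buffer.  On
 * success *data/*len describe the contents (the caller frees *data) and
 * 0 is returned; on failure a warning is logged, *data is left NULL and
 * -1 is returned.  fd is consumed: it is closed on every path.
 * fstat() and malloc() failures are fatal.
 */
static int
load_file(int fd, uint8_t **data, size_t *len)
{
	struct stat sb;
	ssize_t r;

	*data = NULL;

	if (fstat(fd, &sb) == -1)
		fatal("fstat");

	/*
	 * st_size is an off_t: reject negative sizes and, where off_t is
	 * wider than size_t, anything the size_t conversion below would
	 * truncate.  The uintmax_t cast keeps the comparison valid on
	 * targets where it can never be true instead of needing to be
	 * commented out.
	 */
	if (sb.st_size < 0 || (uintmax_t)sb.st_size > SIZE_MAX) {
		log_warnx("file too large");
		close(fd);
		return -1;
	}
	/*
	 * malloc(0) may legitimately return NULL, which would be reported
	 * as an allocation failure below; none of the callers (certs, keys,
	 * CA bundles, ocsp staples) can use an empty file anyway.
	 */
	if (sb.st_size == 0) {
		log_warnx("empty file");
		close(fd);
		return -1;
	}
	*len = sb.st_size;

	if ((*data = malloc(*len)) == NULL)
		fatal("malloc");

	/* a short read means the file changed under us or isn't a plain file */
	r = pread(fd, *data, *len, 0);
	if (r == -1 || (size_t)r != *len) {
		log_warn("read failed");
		close(fd);
		free(*data);
		*data = NULL;
		return -1;
	}

	close(fd);
	return 0;
}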
493 c26f2460 2023-06-08 op
/*
 * Crypto-process counterpart of config_send_kp(): consume an
 * IMSG_RECONF_CERT followed by its IMSG_RECONF_KEY.  The cert creates a
 * new pki entry, records the hash from ssl_pubkey_hash() and appends it
 * to conf->pkis; the key that follows is parsed with ssl_load_pkey()
 * into that same entry.  The pairing state is a function-static
 * pointer, so messages must arrive strictly in cert/key order or the
 * process aborts.  Returns 0, or -1 for any other imsg type.  A missing
 * descriptor or a load failure is fatal.
 */
static int
config_crypto_recv_kp(struct conf *conf, struct imsg *imsg)
{
	static struct pki *pending;	/* cert received, key still expected */
	uint8_t *buf;
	size_t buflen;

	/* XXX: check for duplicates */

	if (imsg->fd == -1)
		fatalx("no fd for imsg %d", imsg->hdr.type);

	if (imsg->hdr.type == IMSG_RECONF_CERT) {
		if (pending != NULL)
			fatalx("imsg in wrong order; pki is not NULL");
		if ((pending = calloc(1, sizeof(*pending))) == NULL)
			fatal("calloc");
		if (load_file(imsg->fd, &buf, &buflen) == -1)
			fatalx("can't load file");
		if ((pending->hash = ssl_pubkey_hash(buf, buflen)) == NULL)
			fatalx("failed to compute cert hash");
		free(buf);
		TAILQ_INSERT_TAIL(&conf->pkis, pending, pkis);
		return 0;
	}

	if (imsg->hdr.type == IMSG_RECONF_KEY) {
		if (pending == NULL)
			fatalx("got key without cert beforehand %d",
			    imsg->hdr.type);
		if (load_file(imsg->fd, &buf, &buflen) == -1)
			fatalx("failed to load private key");
		if ((pending->pkey = ssl_load_pkey(buf, buflen)) == NULL)
			fatalx("failed load private key");
		/*
		 * NOTE(review): buf holds the raw private key bytes and is
		 * released without being wiped first.
		 */
		free(buf);
		pending = NULL;
		return 0;
	}

	return -1;
}
538 86693a33 2023-06-11 op
539 c26f2460 2023-06-08 op int
540 c26f2460 2023-06-08 op config_recv(struct conf *conf, struct imsg *imsg)
541 c26f2460 2023-06-08 op {
542 c26f2460 2023-06-08 op static struct vhost *h;
543 deadd9e1 2023-06-09 op static struct proxy *p;
544 c26f2460 2023-06-08 op struct privsep *ps = conf->ps;
545 c26f2460 2023-06-08 op struct etm m;
546 5d22294a 2023-06-09 op struct fcgi *fcgi;
547 c26f2460 2023-06-08 op struct vhost *vh, vht;
548 c26f2460 2023-06-08 op struct location *loc;
549 c26f2460 2023-06-08 op struct envlist *env;
550 c26f2460 2023-06-08 op struct alist *alias;
551 c26f2460 2023-06-08 op struct proxy *proxy;
552 2cef5cf4 2023-06-12 op uint8_t *d;
553 2cef5cf4 2023-06-12 op size_t len, datalen;
554 c26f2460 2023-06-08 op
555 c26f2460 2023-06-08 op datalen = IMSG_DATA_SIZE(imsg);
556 c26f2460 2023-06-08 op
557 c26f2460 2023-06-08 op switch (imsg->hdr.type) {
558 c26f2460 2023-06-08 op case IMSG_RECONF_START:
559 af1dab18 2023-06-09 op config_purge(conf);
560 c26f2460 2023-06-08 op h = NULL;
561 deadd9e1 2023-06-09 op p = NULL;
562 c26f2460 2023-06-08 op break;
563 c26f2460 2023-06-08 op
564 c26f2460 2023-06-08 op case IMSG_RECONF_MIME:
565 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &m);
566 c26f2460 2023-06-08 op memcpy(&m, imsg->data, datalen);
567 c26f2460 2023-06-08 op if (m.mime[sizeof(m.mime) - 1] != '\0' ||
568 c26f2460 2023-06-08 op m.ext[sizeof(m.ext) - 1] != '\0')
569 c26f2460 2023-06-08 op fatal("received corrupted IMSG_RECONF_MIME");
570 c26f2460 2023-06-08 op if (add_mime(&conf->mime, m.mime, m.ext) == -1)
571 c26f2460 2023-06-08 op fatal("failed to add mime mapping %s -> %s",
572 c26f2460 2023-06-08 op m.mime, m.ext);
573 c26f2460 2023-06-08 op break;
574 c26f2460 2023-06-08 op
575 c26f2460 2023-06-08 op case IMSG_RECONF_PROTOS:
576 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &conf->protos);
577 c26f2460 2023-06-08 op memcpy(&conf->protos, imsg->data, datalen);
578 c26f2460 2023-06-08 op break;
579 c26f2460 2023-06-08 op
580 c26f2460 2023-06-08 op case IMSG_RECONF_PORT:
581 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &conf->port);
582 c26f2460 2023-06-08 op memcpy(&conf->port, imsg->data, datalen);
583 c26f2460 2023-06-08 op break;
584 c26f2460 2023-06-08 op
585 c26f2460 2023-06-08 op case IMSG_RECONF_SOCK4:
586 c26f2460 2023-06-08 op if (conf->sock4 != -1)
587 c26f2460 2023-06-08 op fatalx("socket ipv4 already recv'd");
588 c26f2460 2023-06-08 op if (imsg->fd == -1)
589 c26f2460 2023-06-08 op fatalx("missing socket for IMSG_RECONF_SOCK4");
590 c26f2460 2023-06-08 op conf->sock4 = imsg->fd;
591 c26f2460 2023-06-08 op event_set(&conf->evsock4, conf->sock4, EV_READ|EV_PERSIST,
592 af1dab18 2023-06-09 op do_accept, conf);
593 c26f2460 2023-06-08 op break;
594 c26f2460 2023-06-08 op
595 c26f2460 2023-06-08 op case IMSG_RECONF_SOCK6:
596 c26f2460 2023-06-08 op if (conf->sock6 != -1)
597 c26f2460 2023-06-08 op fatalx("socket ipv6 already recv'd");
598 c26f2460 2023-06-08 op if (imsg->fd == -1)
599 c26f2460 2023-06-08 op fatalx("missing socket for IMSG_RECONF_SOCK6");
600 c26f2460 2023-06-08 op conf->sock6 = imsg->fd;
601 c26f2460 2023-06-08 op event_set(&conf->evsock6, conf->sock6, EV_READ|EV_PERSIST,
602 af1dab18 2023-06-09 op do_accept, conf);
603 c26f2460 2023-06-08 op break;
604 c26f2460 2023-06-08 op
605 c26f2460 2023-06-08 op case IMSG_RECONF_FCGI:
606 5d22294a 2023-06-09 op IMSG_SIZE_CHECK(imsg, fcgi);
607 5d22294a 2023-06-09 op fcgi = xcalloc(1, sizeof(*fcgi));
608 5d22294a 2023-06-09 op memcpy(fcgi, imsg->data, datalen);
609 5d22294a 2023-06-09 op log_debug("received fcgi %s", fcgi->path);
610 5d22294a 2023-06-09 op TAILQ_INSERT_TAIL(&conf->fcgi, fcgi, fcgi);
611 c26f2460 2023-06-08 op break;
612 c26f2460 2023-06-08 op
613 c26f2460 2023-06-08 op case IMSG_RECONF_HOST:
614 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, &vht);
615 c26f2460 2023-06-08 op memcpy(&vht, imsg->data, datalen);
616 c26f2460 2023-06-08 op vh = new_vhost();
617 c26f2460 2023-06-08 op strlcpy(vh->domain, vht.domain, sizeof(vh->domain));
618 c26f2460 2023-06-08 op h = vh;
619 e45334e6 2023-06-09 op TAILQ_INSERT_TAIL(&conf->hosts, h, vhosts);
620 deadd9e1 2023-06-09 op
621 deadd9e1 2023-06-09 op /* reset proxy */
622 deadd9e1 2023-06-09 op p = NULL;
623 c26f2460 2023-06-08 op break;
624 c26f2460 2023-06-08 op
625 c26f2460 2023-06-08 op case IMSG_RECONF_CERT:
626 c26f2460 2023-06-08 op log_debug("receiving cert");
627 86693a33 2023-06-11 op if (privsep_process == PROC_CRYPTO)
628 86693a33 2023-06-11 op return config_crypto_recv_kp(conf, imsg);
629 c26f2460 2023-06-08 op if (h == NULL)
630 c26f2460 2023-06-08 op fatalx("recv'd cert without host");
631 c26f2460 2023-06-08 op if (h->cert != NULL)
632 c26f2460 2023-06-08 op fatalx("cert already received");
633 c26f2460 2023-06-08 op if (imsg->fd == -1)
634 c26f2460 2023-06-08 op fatalx("no fd for IMSG_RECONF_CERT");
635 c26f2460 2023-06-08 op if (load_file(imsg->fd, &h->cert, &h->certlen) == -1)
636 c26f2460 2023-06-08 op fatalx("failed to load cert for %s",
637 c26f2460 2023-06-08 op h->domain);
638 c26f2460 2023-06-08 op break;
639 c26f2460 2023-06-08 op
640 c26f2460 2023-06-08 op case IMSG_RECONF_KEY:
641 c26f2460 2023-06-08 op log_debug("receiving key");
642 86693a33 2023-06-11 op if (privsep_process == PROC_CRYPTO)
643 86693a33 2023-06-11 op return config_crypto_recv_kp(conf, imsg);
644 c26f2460 2023-06-08 op if (h == NULL)
645 c26f2460 2023-06-08 op fatalx("recv'd key without host");
646 c26f2460 2023-06-08 op if (h->key != NULL)
647 c26f2460 2023-06-08 op fatalx("key already received");
648 c26f2460 2023-06-08 op if (imsg->fd == -1)
649 c26f2460 2023-06-08 op fatalx("no fd for IMSG_RECONF_KEY");
650 c26f2460 2023-06-08 op if (load_file(imsg->fd, &h->key, &h->keylen) == -1)
651 c26f2460 2023-06-08 op fatalx("failed to load key for %s",
652 c26f2460 2023-06-08 op h->domain);
653 c26f2460 2023-06-08 op break;
654 c26f2460 2023-06-08 op
655 c26f2460 2023-06-08 op case IMSG_RECONF_OCSP:
656 c26f2460 2023-06-08 op log_debug("receiving ocsp");
657 c26f2460 2023-06-08 op if (h == NULL)
658 c26f2460 2023-06-08 op fatalx("recv'd ocsp without host");
659 c26f2460 2023-06-08 op if (h->ocsp != NULL)
660 c26f2460 2023-06-08 op fatalx("ocsp already received");
661 c26f2460 2023-06-08 op if (imsg->fd == -1)
662 c26f2460 2023-06-08 op fatalx("no fd for IMSG_RECONF_OCSP");
663 c26f2460 2023-06-08 op if (load_file(imsg->fd, &h->ocsp, &h->ocsplen) == -1)
664 c26f2460 2023-06-08 op fatalx("failed to load ocsp for %s",
665 c26f2460 2023-06-08 op h->domain);
666 c26f2460 2023-06-08 op break;
667 c26f2460 2023-06-08 op
668 c26f2460 2023-06-08 op case IMSG_RECONF_LOC:
669 c26f2460 2023-06-08 op if (h == NULL)
670 c26f2460 2023-06-08 op fatalx("recv'd location without host");
671 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, loc);
672 c26f2460 2023-06-08 op loc = xcalloc(1, sizeof(*loc));
673 c26f2460 2023-06-08 op memcpy(loc, imsg->data, datalen);
674 deadd9e1 2023-06-09 op
675 deadd9e1 2023-06-09 op if (imsg->fd != -1) {
676 2cef5cf4 2023-06-12 op if (load_file(imsg->fd, &d, &len) == -1)
677 2cef5cf4 2023-06-12 op fatal("load_file");
678 2cef5cf4 2023-06-12 op loc->reqca = load_ca(d, len);
679 deadd9e1 2023-06-09 op if (loc->reqca == NULL)
680 deadd9e1 2023-06-09 op fatalx("failed to load CA");
681 2cef5cf4 2023-06-12 op free(d);
682 deadd9e1 2023-06-09 op }
683 deadd9e1 2023-06-09 op
684 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->locations, loc, locations);
685 c26f2460 2023-06-08 op break;
686 c26f2460 2023-06-08 op
687 c26f2460 2023-06-08 op case IMSG_RECONF_ENV:
688 c26f2460 2023-06-08 op if (h == NULL)
689 c26f2460 2023-06-08 op fatalx("recv'd env without host");
690 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, env);
691 c26f2460 2023-06-08 op env = xcalloc(1, sizeof(*env));
692 c26f2460 2023-06-08 op memcpy(env, imsg->data, datalen);
693 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->params, env, envs);
694 c26f2460 2023-06-08 op break;
695 c26f2460 2023-06-08 op
696 c26f2460 2023-06-08 op case IMSG_RECONF_ALIAS:
697 c26f2460 2023-06-08 op if (h == NULL)
698 c26f2460 2023-06-08 op fatalx("recv'd alias without host");
699 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, alias);
700 c26f2460 2023-06-08 op alias = xcalloc(1, sizeof(*alias));
701 c26f2460 2023-06-08 op memcpy(alias, imsg->data, datalen);
702 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->aliases, alias, aliases);
703 c26f2460 2023-06-08 op break;
704 c26f2460 2023-06-08 op
705 c26f2460 2023-06-08 op case IMSG_RECONF_PROXY:
706 c26f2460 2023-06-08 op log_debug("receiving proxy");
707 c26f2460 2023-06-08 op if (h == NULL)
708 c26f2460 2023-06-08 op fatalx("recv'd proxy without host");
709 c26f2460 2023-06-08 op IMSG_SIZE_CHECK(imsg, proxy);
710 c26f2460 2023-06-08 op proxy = xcalloc(1, sizeof(*proxy));
711 c26f2460 2023-06-08 op memcpy(proxy, imsg->data, datalen);
712 deadd9e1 2023-06-09 op
713 deadd9e1 2023-06-09 op if (imsg->fd != -1) {
714 2cef5cf4 2023-06-12 op if (load_file(imsg->fd, &d, &len) == -1)
715 2cef5cf4 2023-06-12 op fatal("load_file");
716 2cef5cf4 2023-06-12 op proxy->reqca = load_ca(d, len);
717 deadd9e1 2023-06-09 op if (proxy->reqca == NULL)
718 deadd9e1 2023-06-09 op fatal("failed to load CA");
719 2cef5cf4 2023-06-12 op free(d);
720 deadd9e1 2023-06-09 op }
721 deadd9e1 2023-06-09 op
722 c26f2460 2023-06-08 op TAILQ_INSERT_TAIL(&h->proxies, proxy, proxies);
723 deadd9e1 2023-06-09 op p = proxy;
724 c26f2460 2023-06-08 op break;
725 c26f2460 2023-06-08 op
726 deadd9e1 2023-06-09 op case IMSG_RECONF_PROXY_CERT:
727 deadd9e1 2023-06-09 op log_debug("receiving proxy cert");
728 deadd9e1 2023-06-09 op if (p == NULL)
729 deadd9e1 2023-06-09 op fatalx("recv'd proxy cert without proxy");
730 deadd9e1 2023-06-09 op if (p->cert != NULL)
731 deadd9e1 2023-06-09 op fatalx("proxy cert already received");
732 deadd9e1 2023-06-09 op if (imsg->fd == -1)
733 deadd9e1 2023-06-09 op fatalx("no fd for IMSG_RECONF_PROXY_CERT");
734 deadd9e1 2023-06-09 op if (load_file(imsg->fd, &p->cert, &p->certlen) == -1)
735 deadd9e1 2023-06-09 op fatalx("failed to load cert for proxy %s of %s",
736 deadd9e1 2023-06-09 op p->host, h->domain);
737 deadd9e1 2023-06-09 op break;
738 deadd9e1 2023-06-09 op
739 deadd9e1 2023-06-09 op case IMSG_RECONF_PROXY_KEY:
740 deadd9e1 2023-06-09 op log_debug("receiving proxy key");
741 deadd9e1 2023-06-09 op if (p == NULL)
742 deadd9e1 2023-06-09 op fatalx("recv'd proxy key without proxy");
743 deadd9e1 2023-06-09 op if (p->key != NULL)
744 deadd9e1 2023-06-09 op fatalx("proxy key already received");
745 deadd9e1 2023-06-09 op if (imsg->fd == -1)
746 deadd9e1 2023-06-09 op fatalx("no fd for IMSG_RECONF_PROXY_KEY");
747 deadd9e1 2023-06-09 op if (load_file(imsg->fd, &p->key, &p->keylen) == -1)
748 deadd9e1 2023-06-09 op fatalx("failed to load key for proxy %s of %s",
749 deadd9e1 2023-06-09 op p->host, h->domain);
750 deadd9e1 2023-06-09 op break;
751 deadd9e1 2023-06-09 op
752 c26f2460 2023-06-08 op case IMSG_RECONF_END:
753 c26f2460 2023-06-08 op if (proc_compose(ps, PROC_PARENT, IMSG_RECONF_DONE,
754 c26f2460 2023-06-08 op NULL, 0) == -1)
755 c26f2460 2023-06-08 op return -1;
756 c26f2460 2023-06-08 op break;
757 c26f2460 2023-06-08 op
758 c26f2460 2023-06-08 op default:
759 c26f2460 2023-06-08 op return -1;
760 c26f2460 2023-06-08 op }
761 c26f2460 2023-06-08 op
762 c26f2460 2023-06-08 op return 0;
763 c26f2460 2023-06-08 op }